| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 223381 | 9.8 | CRITICAL | Network | amazon | firecracker | Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes. | CWE-120 Classic Buffer Overflow | CVE-2019-18960 | 2024-11-21 13:33 | 2019-12-11 |
| 223382 | 9.8 | CRITICAL | Network | telerik | ui_for_asp.net_ajax | Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to th… | CWE-502 Deserialization of Untrusted Data | CVE-2019-18935 | 2024-11-21 13:33 | 2019-12-11 |
| 223383 | 6.5 | MEDIUM | Adjacent | symantec | industrial_control_system_protection | Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application us… | CWE-287 Improper Authentication | CVE-2019-18380 | 2024-11-21 13:33 | 2019-12-10 |
| 223384 | 7.1 | HIGH | Local | dell | command\|configure | Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a ta… | CWE-59 Link Following; CWE-427 Uncontrolled Search Path Element | CVE-2019-18575 | 2024-11-21 13:33 | 2019-12-7 |
| 223385 | 7.5 | HIGH | Network | shapeshift | keepkey_firmware | Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. No… | CWE-354 Improper Validation of Integrity Check Value | CVE-2019-18672 | 2024-11-21 13:33 | 2019-12-7 |
| 223386 | 9.8 | CRITICAL | Network | keepkey | keepkey_firmware | Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability c… | CWE-787 Out-of-bounds Write | CVE-2019-18671 | 2024-11-21 13:33 | 2019-12-7 |
| 223387 | 6.3 | MEDIUM | Network | norton | password_manager | Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be re… | CWE-346 Origin Validation Error | CVE-2019-18381 | 2024-11-21 13:33 | 2019-12-6 |
| 223388 | 7.2 | HIGH | Network | intelbras | iwr_3000n_firmware | Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600. | CWE-200 Information Exposure | CVE-2019-19007 | 2024-11-21 13:33 | 2019-12-6 |
| 223389 | 5.4 | MEDIUM | Network | davical | davical | A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in… | CWE-79 Cross-site Scripting | CVE-2019-18347 | 2024-11-21 13:33 | 2019-12-5 |
| 223390 | 8.8 | HIGH | Network | davical | davical | A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the applicati… | CWE-352 Origin Validation Error | CVE-2019-18346 | 2024-11-21 13:33 | 2019-12-5 |